microsim-matcher
Fail
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill connects to
api.github.comandraw.githubusercontent.comto check for updates and download latest reference data. These operations target a well-known service and are part of the documented maintenance workflow inSKILL.mdandcheck-version.py. - [COMMAND_EXECUTION]: The workflow in
SKILL.md(Step 0) utilizes shell commands includingcurl,stat, andgrepto manage versioning of the local reference file. These commands are used for metadata comparison and do not involve direct execution of remote payloads. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it processes user-provided diagram specifications in
SKILL.md(Step 1). The instructions lack explicit boundary markers or sanitization for this data before it is used to calculate generator scores, creating a surface where malicious specifications could attempt to bias the results. - Ingestion points: Diagram specifications are read from user files or descriptions in
SKILL.md(Step 1). - Boundary markers: No delimiters or 'ignore embedded instructions' warnings are present for the specification content.
- Capability inventory: The skill can execute shell commands (
curl,stat) and thecheck-version.pyscript has file-write capabilities. - Sanitization: There is no evidence of validation or filtering for the external specification content before analysis.
Recommendations
- HIGH: Downloads and executes remote code from: https://api.github.com/repos/dmccreary/claude-skills/commits?path=skills/microsim-matcher/references/matching-criteria.md&page=1&per_page=1 - DO NOT USE without thorough review
Audit Metadata